Get Gentoo!

Last updated: 2026-01-15 14:16:13 +0100

unclassified (114)


??: 114
Average staleness: 412 / Average age: 563

BugSeveritySummaryStatusStaleAge
864013

??

app-i18n/yaskkserv2: 'cargo audit' reports one or more bundled CRATES as vulnerable

12581258
864028

??

app-shells/mcfly: 'cargo audit' reports one or more bundled CRATES as vulnerable

12581258
864031

??

app-shells/nushell: 'cargo audit' reports one or more bundled CRATES as vulnerable

12581258
864067

??

dev-util/rustup: 'cargo audit' reports one or more bundled CRATES as vulnerable

12581258
864076

??

dev-util/wachy: 'cargo audit' reports one or more bundled CRATES as vulnerable

12581258
864082

??

dev-vcs/mercurial: 'cargo audit' reports one or more bundled CRATES as vulnerable

12581258
864046

??

dev-python/adblock: 'cargo audit' reports one or more bundled CRATES as vulnerable

12571258
675904

??

dev-db/{mariadb,mysql,percona-server,mysql-connector-c}: ENABLED_LOCAL_INFILE in the client is exploitable by the server

12532552
864052

??

dev-util/bingrep: 'cargo audit' reports one or more bundled CRATES as vulnerable

12061258
880669

??

[Tracker] Go x/text DoS via crafted Accept-Language header

CVE-2022-32149

linux kernel: multiple vulnerabilities in Xen
sys-apps/portage uses /var/tmp insecurely
[Tracker] UAF in Expat's xmlparse.c:doContent
[Tracker] Vulnerabilty in app-arch/qpress
[Tracker] Prometheus basic authentication bypass via exporter-toolkit
[Tracker] Denial of service in Go's net/http
[Tracker] Denial of service in Go's crypto/ssh
[Tracker] nuget credential leakage
Use-after-free in Zen 2 processors ("zenbleed")
[Tracker] MySQL DoS (Oracle CPU Oct 2023)
RUSTSEC-2023-0075: unsafe-libyaml: Unaligned write of u64 on 32-bit and 16-bit platforms
GHSA-c827-hfw6-qwvm: rustix: memory explosion leading to potential DOS
[Tracker] runc container breakout vulnerability
[Tracker] CUPS vulnerabilities on 2024-09-26
[Tracker] Vulnerability in 7zip's zstandard (zstd) implementation
dev-libs/xmlrpc-c[-libxml2] uses vulnerable bundle of dev-libs/expat from many years ago
media-libs/giflib buffer overflow
media-libs/giflib path traversal vulnerability in gifinto utility
net-print/cups-filters, net-print/libcupsfilters: multiple vulnerabilities
www-client/chromium, www-client/google-chrome, <www-client/microsoft-edge-143.0.3650.80, www-client/opera, www-client/vivaldi: multiple vulnerabilities
www-client/chromium, www-client/google-chrome, www-client/microsoft-edge, www-client/opera, www-client/vivaldi: multiple vulnerabilities

11621162

unknown (35)


Major: 1 / Normal: 5 / Minor: 13 / Trivial: 10 / ??: 6
Average staleness: 893 / Average age: 1265

BugSeveritySummaryStatusStaleAge
934736

Major

<app-editors/emacs-{26.3-r19,27.2-r17,28.2-r13,29.3-r3} <app-emacs/org-mode-9.7.5: org-mode command execution vulnerability

CVE-2024-39331

413572
786957

Normal

net-misc/wget: Authorisation header disclosure on redirect (CVE-2021-31879)

CVE-2021-31879

15351722
765361

Normal

<dev-lang/R-4.0.4: code execution via malicious CRAN package (CVE-2020-27637)

CVE-2020-27637

7401828
929208

Normal

<dev-python/idna-3.7: potential DoS via resource consumption via specially crafted inputs to idna.encode()

CVE-2024-3651

400643
957792

Normal

<kde-apps/konsole-24.12.3-r1, <kde-apps/konsole-25.04.2: Incorrect telnet scheme handling

CVE-2025-49091

214219
869413

Normal

sys-apps/man2html: multiple vulnerabilities

CVE-2021-40647 CVE-2021-40648

971223
761412

Minor

dev-libs/libtomcrypt: Out of bounds read (CVE-2019-17362)

CVE-2019-17362

16311849
714024

Minor

sci-libs/hdf5: multiple vulnerabilities

CVE-2020-10809 CVE-2020-10810 CVE-2020-10811 CVE-2020-10812 CVE-2021-45829 CVE-2021-45830 CVE-2021-45832 CVE-2021-45833 CVE-2021-46242 CVE-2021-46243 CVE-2021-46244

sci-libs/hdf5: heap buffer overread

14542125
661156

Minor

sci-libs/hdf: Multiple vulnerabilities

CVE-2018-14031 CVE-2018-14032 CVE-2018-14033 CVE-2018-14034 CVE-2018-14035

12532742
799785

Minor

dev-libs/keystone: multiple vulnerabilities (CVE-2020-{36404,36405})

CVE-2020-36404 CVE-2020-36405

12461658

tracker (27)


Normal: 1 / ??: 26
Average staleness: 417 / Average age: 974

BugSeveritySummaryStatusStaleAge
915553

Normal

[Tracker] HTTP/2 Rapid Reset vulnerability

CVE-2023-44487

Tracked bugs: 8 open / 14 total

153828
824306

??

[Tracker] Vulnerability in gstreamer (CVE-2021-3522)

CVE-2021-3522

Tracked bugs: 1 open / 2 total

15191519
807352

??

[Tracker] NO STARTTLS collection of vulnerabilities

Tracked bugs: 2 open / 18 total

12391619
811909

??

[Tracker] ElGamal Plaintext Recovery in dev-libs/botan

CVE-2021-40529

Tracked bugs: 1 open / 2 total

12391591
924455

??

[Tracker] "KeyTrap" DNS DoS vulnerability

CVE-2023-50387 CVE-2023-50868

Tracked bugs: 4 open / 5 total

695701
643228

??

[TRACKER] kernel: Meltdown and Spectre - A flaw in modern processors (CVE-2017-{5715,5753,5754})

Tracked bugs: 1 open / 7 total

6832934
643342

??

[TRACKER] hw: cpu: speculative execution branch target injection (CVE-2017-5715)

CVE-2017-5715

Tracked bugs: 1 open / 11 total

6832933
920280

??

[Tracker] Terrapin Vulnerability

CVE-2023-48795

Tracked bugs: 4 open / 10 total

635759
932373

??

[Tracker] Mozilla Foundation Security Advisory for May 14/15th, 2024

CVE-2024-4367 CVE-2024-4767 CVE-2024-4768 CVE-2024-4769 CVE-2024-4770 CVE-2024-4777 MSFA2024-21 MSFA2024-22 MSFA2024-23

Tracked bugs: 263 open / 10000 total

604604
942468

??

[Tracker] Mozilla Foundation Security Advisory for October 29, 2024

CVE-2024-10458 CVE-2024-10459 CVE-2024-10460 CVE-2024-10461 CVE-2024-10462 CVE-2024-10463 CVE-2024-10464 CVE-2024-10465 CVE-2024-10466 CVE-2024-10467 CVE-2024-10468 MFSA2024-55 MFSA2024-56 MFSA2024-57 MFSA2024-58 MFSA2024-59

Tracked bugs: 1 open / 3 total

443443

upstream (92)


Major: 4 / Normal: 25 / Minor: 46 / Trivial: 13 / ??: 4
Average staleness: 990 / Average age: 1499

BugSeveritySummaryStatusStaleAge
626822

Major

media-libs/libmad: Dos (memory corruption) via crafted MP3 files

CVE-2017-11552

17223089
907924

Major

dev-python/reportlab: remote code execution

CVE-2023-33733

954954
866386

Major

app-arch/unzip: null pointer dereference

CVE-2021-4217

8301240
901393

Major

app-admin/doas: vulnerable to privilege escalation via TIOCSTI/TIOCLINUX command injection

CVE-2023-28339

3731037
721672

Normal

dev-python/pip: Possible code execution via untrusted packages from external indexes (CVE-2018-20225)

CVE-2018-20225

20782078
617474

Normal

x11-libs/cairo: NULL pointer dereference with a crafted font file (CVE-2017-7475)

CVE-2017-7475

16363178
810034

Normal

media-libs/plib: integer overflow leading to code execution (CVE-2021-38714)

CVE-2021-38714

16051605
717714

Normal

sys-devel/flex: Stack exhaustion in mark_beginning_as_normal causing denial of service (CVE-2019-6293)

15512100
845039

Normal

dev-embedded/u-boot-tools: unbounded memcpy in nfs

CVE-2022-30767

13401340
829835

Normal

sys-devel/patch: invalid free vulnerability

CVE-2021-45261

sys-devel/patch: Double free allowing DoS in another_hunk (CVE-2019-20633)

12471485

upstreamebuild (32)


Normal: 9 / Minor: 15 / Trivial: 7 / ??: 1
Average staleness: 688 / Average age: 1212

BugSeveritySummaryStatusStaleAge
798480

Normal

app-text/djvu: multiple vulnerabilities (CVE-2021-{3500,32490,32491,32492,32493})

CVE-2021-32490 CVE-2021-32491 CVE-2021-32492 CVE-2021-32493 CVE-2021-3500

14761665
759544

Normal

www-misc/awstats: Arbitrary code execution (CVE-2020-35176)

CVE-2020-35176

12481860
821346

Normal

dev-db/redis: integer overflow via bundled hiredis

11811535
836920

Normal

sys-apps/busybox: multiple vulnerabilities

CVE-2022-28391 CVE-2022-30065

8881380
793953

Normal

net-dns/avahi: multiple DoS vulnerabilities

CVE-2021-3468 CVE-2021-3502 CVE-2021-36217 CVE-2023-1981 CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 CVE-2023-38472 CVE-2023-38473

8021688
918403

Normal

media-libs/tiff: crafted input results in out-of-memory

CVE-2023-6277

783783
897952

Normal

app-text/htmltidy: arbitrary code execution

CVE-2021-33391

5661054
838382

Normal

media-sound/sox: multiple vulnerabilities

CVE-2021-23159 CVE-2021-23172 CVE-2021-23210 CVE-2021-33844 CVE-2021-3643 CVE-2021-40426 CVE-2022-31650 CVE-2022-31651 CVE-2023-26590 CVE-2023-32627 CVE-2023-34318 CVE-2023-34432

3961371
966254

Normal

sys-boot/grub: multiple vulnerabilities

CVE-2025-54770 CVE-2025-54771 CVE-2025-61661 CVE-2025-61662 CVE-2025-61663 CVE-2025-61664

sys-boot/grub: Multiple vulnerabilities

5757
638434

Minor

sys-libs/db: Berkeley DB reads DB_CONFIG from the current working directory

CVE-2017-10140

20412976

ebuild (48)


Critical: 2 / Major: 4 / Normal: 14 / Minor: 19 / Trivial: 7 / ??: 2
Average staleness: 680 / Average age: 885

BugSeveritySummaryStatusStaleAge
918679

Critical

dev-libs/stb: multiple vulnerabilities

CVE-2023-43281 CVE-2023-43898 CVE-2023-45661 CVE-2023-45662 CVE-2023-45663 CVE-2023-45664 CVE-2023-45666 CVE-2023-45667 CVE-2023-45675 CVE-2023-45676 CVE-2023-45677 CVE-2023-45678 CVE-2023-45679 CVE-2023-45680 CVE-2023-45681 CVE-2023-45682

648779
937483

Critical

net-wireless/wpa_supplicant: possible privilege escalation

CVE-2024-5290

264526
942684

Major

sys-cluster/slurm: Incorrect Authorization

CVE-2024-48936

298440
953891

Major

www-client/firefox{-bin,}: multiple vulnerabilities

CVE-2025-3608

274275
953892

Major

mail-client/thunderbird{-bin,}: multiple vulnerabilities

CVE-2025-2830 CVE-2025-3523

272275
965825

Major

app-containers/containerd: multiple vulnerabilities

CVE-2024-25621 CVE-2025-64329 GHSA-m6hq-p25p-ffr2 GHSA-pwhc-rpq9-4c8w

5168
802513

Normal

net-analyzer/fail2ban: code exection via malicious whois responses (CVE-2021-32749)

CVE-2021-32749

12541644
821220

Normal

<sys-devel/gcc-12.1.0: Unicode "bidirectional override" (CVE-2021-42574)

12501536
868150

Normal

<dev-lang/python-{3.8.13_p8, 3.9.13_p6, 3.10.6_p4, 3.11.0_rc1_p2}, dev-python/pypy{,3}: Denial of service via abuse of bignum int type

CVE-2020-10735

11911230
917613

Normal

net-libs/pjproject: UAF in SRTP media transport

CVE-2023-38703

787787

stable? (16)


Major: 2 / Normal: 2 / Minor: 7 / ??: 5
Average staleness: 38 / Average age: 242

BugSeveritySummaryStatusStaleAge
963579

Major

app-emulation/open-vm-tools: local privilege escalation on guest VM

CVE-2025-41244

84108
961516

Minor

<dev-ruby/rails-{7.1.5.2:7.1,7.2.2.2:7.2,8.0.2.1:8.0}: Multiple Vulnerabilities

CVE-2025-24293 CVE-2025-55193

153153
963338

Minor

<net-libs/webkit-gtk-2.50.1: multiple vulnerabilities

CVE-2025-43272 CVE-2025-43342 CVE-2025-43343 CVE-2025-43356 CVE-2025-43368

<net-libs/webkit-gtk-2.50.4: multiple vulnerabilities

82114
715470

Minor

<net-misc/sendmail-8.18.1-r1: Possibly inadequate key sizes for RSA

752117
966201

Minor

<kde-misc/kdeconnect-{25.08.2-r1,25.08.3-r1} and gnome-extra/gnome-shell-extension-gsconnect: Security vulnerability

CVE-2025-66270

3259
967498

Minor

<app-containers/apptainer-1.4.5: ineffective application of selinux / apparmor --security option

CVE-2025-65105

3131
966398

??

<net-irc/weechat-4.7.2: multiple vulnerabilities

3253
967237

??

<dev-libs/glib-2.84.4-r1: Multiple vulnerabilities

CVE-2025-13601 CVE-2025-14087

3038
967612

??

<sys-apps/util-linux-2.41.3: Buffer overflow in setpwnam

CVE-2025-14104

3030
967885

??

<net-analyzer/net-snmp-5.9.5: "critical vulnerability" in snmptrapd

2223

stable (13)


Major: 3 / Normal: 5 / Minor: 5
Average staleness: 32 / Average age: 105

BugSeveritySummaryStatusStaleAge
965719

Major

<app-containers/runc-{1.2.8,1.3.3}: Multiple vulnerabilities

CVE-2025-31133 CVE-2025-52565 CVE-2025-52881

6971
965550

Major

<net-vpn/strongswan-6.0.3: buffer overflow and potential RCE with useflag eap

CVE-2025-62291

4072
921521

Normal

<mail-mta/sendmail-8.18.1: smtp smuggling

CVE-2023-51765

173740
965041

Normal

<net-dns/bind-{9.18.42,9.20.16}: multiple vulnerabilities

CVE-2025-40778 CVE-2025-40780 CVE-2025-8677

5184
967910

Minor

<www-servers/nginx-1.28.1: (CVE-2025-53859) Processing of a specially crafted login/password in ngx_mail_smtp_module might cause worker process memory disclosure

2223

cleanup (212)


Critical: 1 / Major: 29 / Normal: 35 / Minor: 133 / Trivial: 9 / ??: 5
Average staleness: 376 / Average age: 563

BugSeveritySummaryStatusStaleAge
953023

Critical

<dev-lang/spidermonkey-128.9.0: multiple vulnerabilities

<dev-lang/spidermonkey-128.4.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.5.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.6.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.8.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.13.0: multiple vulnerabilities

118289
922474

Major

<sys-apps/coreutils-9.4-r1: split heap buffer overflow vulnerability

CVE-2024-0684

<sys-apps/coreutils-9.5: chmod -R TOCTOU vulnerability

559727
884799

Major

<net-analyzer/cacti-1.2.26: multiple vulnerabilities

CVE-2022-46169 CVE-2023-30534 CVE-2023-31132 CVE-2023-39357 CVE-2023-39358 CVE-2023-39359 CVE-2023-39360 CVE-2023-39361 CVE-2023-39362 CVE-2023-39365 CVE-2023-39510 CVE-2023-39511 CVE-2023-39512 CVE-2023-39513 CVE-2023-39514 CVE-2023-39515 CVE-2023-39516

4041134
937127

Major

<dev-lang/orc-0.4.40: Stack-based buffer overflow when formatting error messages for certain input files.

CVE-2024-40897

248531
942471

Major

<dev-lang/spidermonkey-128.4.0: multiple vulnerabilities

<dev-lang/spidermonkey-128.5.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.6.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.8.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.9.0: multiple vulnerabilities
<dev-lang/spidermonkey-128.13.0: multiple vulnerabilities

246443
952921

Major

<sys-process/atop-2.11.1: heap corruption

CVE-2025-31160

246291
949825

Major

<x11-libs/gtk+-3.24.48: Search path vulnerability

CVE-2024-6655

217333
957155

Major

<mail-client/roundcube-1.6.11 : Post-Auth RCE via PHP Object Deserialization

<mail-client/roundcube-1.6.8: XSS vulnerability

177224
958320

Major

<sys-libs/pam-1.7.1: Multiple vulnerabilities

CVE-2024-10963 CVE-2025-6020

132212
950112

Major

<media-libs/openh264-2.6.0: Decoding functions heap overflow

CVE-2025-27091 GHSA-m99q-5j7x-7m9x

123327

glsa? (651)


Major: 16 / Normal: 109 / Minor: 508 / Trivial: 3 / ??: 15
Average staleness: 553 / Average age: 838

BugSeveritySummaryStatusStaleAge
960565

Major

<mail-client/thunderbird{-bin,}-128.13.0: multiple vulnerabilities

mail-client/thunderbird: august 2025 vulnerabilities, <142.0 & <140.2.0 & <128.14.0
mail-client/thunderbird: <144.0 & <140.4.0 October 2025 vulnerabilities

960565, 961886, 964432

172176
960564

Major

<www-client/firefox{-bin,}-{128.13.0,140.1.0,141.0}: multiple vulnerabilities

www-client/firefox: <142.0 & <140.2.0 & <128.14.0 august 2025 vulnerabilities
www-client/firefox: <143.0 & <140.3.0 september 2025 vulnerabilities
www-client/firefox: <144.0 & <140.4.0 October 2025 vulnerabilities
www-client/firefox: <145.0 & <140.5.0 November 2025 vulnerabilities

960564, 961884, 962992, 964338, 966044

152176
961884

Major

www-client/firefox: <142.0 & <140.2.0 & <128.14.0 august 2025 vulnerabilities

<www-client/firefox{-bin,}-{128.13.0,140.1.0,141.0}: multiple vulnerabilities
www-client/firefox: <144.0 & <140.4.0 October 2025 vulnerabilities
www-client/firefox: <145.0 & <140.5.0 November 2025 vulnerabilities

961884, 960564, 964338, 966044

98146
961886

Major

mail-client/thunderbird: august 2025 vulnerabilities, <142.0 & <140.2.0 & <128.14.0

<mail-client/thunderbird{-bin,}-128.13.0: multiple vulnerabilities
mail-client/thunderbird: <144.0 & <140.4.0 October 2025 vulnerabilities

961886, 960565, 964432

98146
962992

Major

www-client/firefox: <143.0 & <140.3.0 september 2025 vulnerabilities

<www-client/firefox{-bin,}-{128.13.0,140.1.0,141.0}: multiple vulnerabilities
www-client/firefox: <144.0 & <140.4.0 October 2025 vulnerabilities
www-client/firefox: <145.0 & <140.5.0 November 2025 vulnerabilities

962992, 960564, 964338, 966044

98120
942077

Major

<dev-lang/python-{3.9.21_p1:3.9,3.10.16_p1:3.10,3.11.11_p1:3.11,3.12.8:3.12,3.13.1:3.13,3.13.1_p1-r100:3.13t,3.14.0_alpha2:3.14,3.14.0_alpha2-r100:3.14t}: Virtual environment (venv) activation scripts don't quote paths

CVE-2024-9287

<dev-lang/python-{0.3.13.5_p1,0.3.14.0_rc1_p1,3.9.23_p2,3.10.18_p2,3.11.13_p1,3.12.11_p1,3.13.5_p1,3.14.0_rc1_p1}, <dev-lang/pypy-3.11.7.3.20_p2: HTMLParser quadratic complexity when processing malformed inputs (and more HTMLParser vulnerabilities)
<dev-lang/python-{0.3.13.5_p1,0.3.14.0_rc1_p1,3.9.23_p2,3.10.18_p2,3.11.13_p1,3.12.11_p1,3.13.5_p1,3.14.0_rc1_p1}, <dev-lang/pypy-3.11.7.3.20_p2: Tarfile infinite loop during parsing with negative member offset

942077, 958449, 960868

95448
960929

Major

<dev-java/commons-beanutils-1.11.0: PropertyUtilsBean does not suppresses an enum's declaredClass property by default

CVE-2025-48734

60167
961498

Major

<app-editors/{vim,vim-core,gvim}-9.1.1652: multiple vulnerabilities

CVE-2025-53905 CVE-2025-53906

59154
960930

Major

<net-misc/asterisk security-{18.26.3,20.15.2,21.10.2,22.5.2}: GHSA-mrq5-74j5-f5cr & GHSA-v9q8-9j8m-5xwp & GHSA-64qc-9x89-rx5j

CVE-2025-1131 CVE-2025-49832 CVE-2025-57767 GHSA-64qc-9x89-rx5j GHSA-mrq5-74j5-f5cr GHSA-v9q8-9j8m-5xwp

45167
965334

Major

<media-gfx/gimp-{2.10.38-r3,3.0.6}: XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

CVE-2025-10934 GHSA-wv7v-cchq-8fjh ZDI-25-978

3777

glsa (0)



BugSeveritySummaryStatusStaleAge